diff options
38 files changed, 130 insertions, 83 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index be248d5..430b68a 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -3a5a49f1a4355e7f75ec350cb13f46ea835058da -3a5a49f1a4355e7f75ec350cb13f46ea835058da +7dc177f6145fd9f52b0ba7a072c3fd4739720a65 +7dc177f6145fd9f52b0ba7a072c3fd4739720a65 cf05e8418c088a6e5712344cecaf6ee2d5eb550f cf05e8418c088a6e5712344cecaf6ee2d5eb550f openssh_9.7p1.orig.tar.gz diff --git a/debian/changelog b/debian/changelog index 7667fb5..0b39967 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +openssh (1:9.7p1-3) unstable; urgency=medium + + * Fix gssapi-keyex declaration further (thanks, Andreas Hasenack; + LP: #2053146). + * Extend -fzero-call-used-regs check to catch m68k gcc bug (closes: + #1067243). + * debian/tests/regress: Set a different IP address for UNKNOWN. + * Re-enable ssh-askpass-gnome on all architectures. + * regress: Redirect conch stdin from /dev/zero (re-enables conch interop + tests). + * Drop "Work around RSA SHA-2 signature issues in conch" patch (no longer + needed now that Twisted is fixed). + + -- Colin Watson <cjwatson@debian.org> Sun, 31 Mar 2024 11:55:38 +0100 + openssh (1:9.7p1-2) unstable; urgency=medium [ Simon McVittie ] diff --git a/debian/control b/debian/control index 38abe62..0a785bc 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 13.1~), libaudit-dev [linux-any], libedit-dev, libfido2-dev (>= 1.5.0) [linux-any], - libgtk-3-dev [!armel !armhf !hppa !m68k !powerpc !sh4] <!pkg.openssh.nognome>, + libgtk-3-dev <!pkg.openssh.nognome>, libkrb5-dev | heimdal-dev, libpam0g-dev | libpam-dev, libselinux1-dev [linux-any], diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 70596b9..2a183b1 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch @@ -1,4 +1,4 @@ -From 1714f9926d197f8015c17081bc582904b908aceb Mon Sep 17 00:00:00 2001 +From 8c2f7f932f143c330a74389d094117d7c85f51f9 Mon Sep 17 00:00:00 2001 From: Tomas Pospisek <tpo_deb@sourcepole.ch> Date: Sun, 9 Feb 2014 16:10:07 +0000 Subject: Install authorized_keys(5) as a symlink to sshd(8) diff --git a/debian/patches/conch-ssh-rsa.patch b/debian/patches/conch-ssh-rsa.patch deleted file mode 100644 index 1025adc..0000000 --- a/debian/patches/conch-ssh-rsa.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1a567ea25bebb83f7765cf05401e974f855e6938 Mon Sep 17 00:00:00 2001 -From: Colin Watson <cjwatson@debian.org> -Date: Tue, 15 Feb 2022 18:25:35 +0000 -Subject: Work around RSA SHA-2 signature issues in conch - -This was supposed to be fixed in Twisted upstream -(https://twistedmatrix.com/trac/ticket/9765), and that fix is in Debian -now. However, regression tests still seem to fail in GitLab CI but not -locally (see e.g. -https://salsa.debian.org/ssh-team/openssh/-/jobs/3513178). Leave this -in place for now until we figure out what's wrong. - -Forwarded: not-needed -Last-Update: 2022-11-14 - -Patch-Name: conch-ssh-rsa.patch ---- - regress/test-exec.sh | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/regress/test-exec.sh b/regress/test-exec.sh -index 56e98159c..bec44adb5 100644 ---- a/regress/test-exec.sh -+++ b/regress/test-exec.sh -@@ -752,6 +752,17 @@ REGRESS_INTEROP_CONCH=no - if test -x "$CONCH" ; then - REGRESS_INTEROP_CONCH=yes - fi -+case "$SCRIPT" in -+*conch*) ;; -+*) REGRESS_INTEROP_CONCH=no -+esac -+ -+if test "$REGRESS_INTEROP_CONCH" = "yes" ; then -+ # Work around missing support for RSA SHA-2 signatures: -+ # https://twistedmatrix.com/trac/ticket/9765 -+ echo HostKeyAlgorithms +ssh-rsa >> $OBJ/sshd_config -+ echo PubkeyAcceptedAlgorithms +ssh-rsa >> $OBJ/sshd_config -+fi - - # If PuTTY is present, new enough and we are running a PuTTY test, prepare - # keys and configuration. diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index 4873a86..bfdf8ec 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch @@ -1,4 +1,4 @@ -From 1ec718d6b26bebc1c2c8b8774097c2a3d4805542 Mon Sep 17 00:00:00 2001 +From 30df3f03ff91b648414b35bdc697ce9127a9fe90 Mon Sep 17 00:00:00 2001 From: Kees Cook <kees@debian.org> Date: Sun, 9 Feb 2014 16:10:06 +0000 Subject: Add DebianBanner server configuration option diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index 362b630..f53bac5 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch @@ -1,4 +1,4 @@ -From 0790e776cbf191c6c621de01259dfe32623fd13e Mon Sep 17 00:00:00 2001 +From 4f52dcf6ce616f6e674d6af0ceebb3e2f6b147a3 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:18 +0000 Subject: Various Debian-specific configuration changes diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch index 6de17c8..9d4cb3c 100644 --- a/debian/patches/dnssec-sshfp.patch +++ b/debian/patches/dnssec-sshfp.patch @@ -1,4 +1,4 @@ -From 95996e9626ca13ca67e75e0158bb50057fadfa3b Mon Sep 17 00:00:00 2001 +From 2d07e4a73975fd8b478680e8a4490fc6c48a6390 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:01 +0000 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch index 4e9f5ba..6f648b0 100644 --- a/debian/patches/doc-hash-tab-completion.patch +++ b/debian/patches/doc-hash-tab-completion.patch @@ -1,4 +1,4 @@ -From 9932c1a0e0a092767e8084d24b2efcab590910d1 Mon Sep 17 00:00:00 2001 +From a783425eb21dfb3e4432dbbdb7e4e0653a436e7e Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:11 +0000 Subject: Document that HashKnownHosts may break tab-completion diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch index da85da8..e055cab 100644 --- a/debian/patches/gnome-ssh-askpass2-icon.patch +++ b/debian/patches/gnome-ssh-askpass2-icon.patch @@ -1,4 +1,4 @@ -From 88b6d6e61aa61bae505ab5ce332380be4fe1b1b3 Mon Sep 17 00:00:00 2001 +From 808d4d2c8a93272e5ec08a27024e76efd491ce14 Mon Sep 17 00:00:00 2001 From: Vincent Untz <vuntz@ubuntu.com> Date: Sun, 9 Feb 2014 16:10:16 +0000 Subject: Give the ssh-askpass-gnome window a default icon diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index b943ba7..7c3ba4a 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch @@ -1,4 +1,4 @@ -From 156d561811630c66f06068ee7892b3cbf90f0d1a Mon Sep 17 00:00:00 2001 +From 4431708c5c325cdbcf802e5d86ea1f4da78c1b50 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson <simon@sxw.org.uk> Date: Sun, 9 Feb 2014 16:09:48 +0000 Subject: GSSAPI key exchange support @@ -256,7 +256,7 @@ index 3b380d9bb..8ccf06370 100644 * Return the canonical name of the host in the other side of the current * connection. The host name is cached, so it is efficient to call this diff --git a/auth2-gss.c b/auth2-gss.c -index f72a38998..c3b8e6288 100644 +index f72a38998..052c7b80f 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,7 +1,7 @@ @@ -276,7 +276,7 @@ index f72a38998..c3b8e6288 100644 + * The 'gssapi_keyex' userauth mechanism. + */ +static int -+userauth_gsskeyex(struct ssh *ssh) ++userauth_gsskeyex(struct ssh *ssh, const char *method) +{ + Authctxt *authctxt = ssh->authctxt; + int r, authenticated = 0; diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 139084a..3b207db 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch @@ -1,4 +1,4 @@ -From 2b4e16a9212c0c8924e528e45871c75bfb0662b3 Mon Sep 17 00:00:00 2001 +From 50a68a21649c42d5587e78cab2c63ee3add81dd4 Mon Sep 17 00:00:00 2001 From: Richard Kettlewell <rjk@greenend.org.uk> Date: Sun, 9 Feb 2014 16:09:52 +0000 Subject: Various keepalive extensions diff --git a/debian/patches/maxhostnamelen.patch b/debian/patches/maxhostnamelen.patch index a09bb86..4cfe801 100644 --- a/debian/patches/maxhostnamelen.patch +++ b/debian/patches/maxhostnamelen.patch @@ -1,4 +1,4 @@ -From 50bdc8330d6fa86723d493e0d6a2a4fd7ebdccd9 Mon Sep 17 00:00:00 2001 +From 25f238231292eefa02a723b84de6428baca3b7ab Mon Sep 17 00:00:00 2001 From: Svante Signell <svante.signell@gmail.com> Date: Fri, 5 Nov 2021 23:22:53 +0000 Subject: Define MAXHOSTNAMELEN on GNU/Hurd diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch index 7a0ab27..a26d2b1 100644 --- a/debian/patches/mention-ssh-keygen-on-keychange.patch +++ b/debian/patches/mention-ssh-keygen-on-keychange.patch @@ -1,4 +1,4 @@ -From d063a438467f31908ef2cfa124f7e648237926d2 Mon Sep 17 00:00:00 2001 +From 60c7e9102d69c1b2a50fd58c9a322d8e6d1d2117 Mon Sep 17 00:00:00 2001 From: Scott Moser <smoser@ubuntu.com> Date: Sun, 9 Feb 2014 16:10:03 +0000 Subject: Mention ssh-keygen in ssh fingerprint changed warning diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch index 313e61e..1fc4765 100644 --- a/debian/patches/no-openssl-version-status.patch +++ b/debian/patches/no-openssl-version-status.patch @@ -1,4 +1,4 @@ -From 4c461060f1d0477b582b7b2ee112c8d8925bf446 Mon Sep 17 00:00:00 2001 +From 03ba0382a8ac499aba50aa0203d89586fa785628 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx <kurt@roeckx.be> Date: Sun, 9 Feb 2014 16:10:14 +0000 Subject: Don't check the status field of the OpenSSL version diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index a21fcfd..b8eb435 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch @@ -1,4 +1,4 @@ -From 469b4b6649073a7d42ad897db0985c74c776c8ad Mon Sep 17 00:00:00 2001 +From 5ec3ad9b1f13f624244f7dea20d43e8972ce9e97 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:09 +0000 Subject: Adjust various OpenBSD-specific references in manual pages diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch index 1507190..1a81e91 100644 --- a/debian/patches/package-versioning.patch +++ b/debian/patches/package-versioning.patch @@ -1,4 +1,4 @@ -From 1a1c5dad468ae8bc92ab599c5fb31e0ecff8b291 Mon Sep 17 00:00:00 2001 +From eb68bf3cb81031d4a765b9c7745842bb49b7b3bb Mon Sep 17 00:00:00 2001 From: Matthew Vernon <matthew@debian.org> Date: Sun, 9 Feb 2014 16:10:05 +0000 Subject: Include the Debian version in our identification diff --git a/debian/patches/regress-conch-dev-zero.patch b/debian/patches/regress-conch-dev-zero.patch new file mode 100644 index 0000000..fed6e66 --- /dev/null +++ b/debian/patches/regress-conch-dev-zero.patch @@ -0,0 +1,39 @@ +From 7dc177f6145fd9f52b0ba7a072c3fd4739720a65 Mon Sep 17 00:00:00 2001 +From: Colin Watson <cjwatson@debian.org> +Date: Sun, 31 Mar 2024 00:24:11 +0000 +Subject: regress: Redirect conch stdin from /dev/zero + +This is more convenient than requiring a controlling terminal. + +Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3676 +Last-Update: 2024-03-31 + +Patch-Name: regress-conch-dev-zero.patch +--- + regress/conch-ciphers.sh | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh +index 26b606d65..22168570c 100644 +--- a/regress/conch-ciphers.sh ++++ b/regress/conch-ciphers.sh +@@ -7,10 +7,6 @@ if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then + skip "conch interop tests not enabled" + fi + +-if ! [ -t 0 ]; then +- skip "conch interop tests requires a controlling terminal" +-fi +- + start_sshd + + for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ +@@ -21,7 +17,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ + # in conch + ${CONCH} --identity $OBJ/ssh-ed25519 --port $PORT --user $USER -e none \ + --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ +- 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} ++ 127.0.0.1 "cat ${DATA}" </dev/zero 2>/dev/null | cat > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch index 0593a62..a614c3c 100644 --- a/debian/patches/restore-authorized_keys2.patch +++ b/debian/patches/restore-authorized_keys2.patch @@ -1,4 +1,4 @@ -From b384c589793e821d84beb06517a7a2a57252fe08 Mon Sep 17 00:00:00 2001 +From 629d831d473ca49b8593e4a711012bb812e544b7 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 5 Mar 2017 02:02:11 +0000 Subject: Restore reading authorized_keys2 by default diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch index 08f409f..ee53872 100644 --- a/debian/patches/restore-tcp-wrappers.patch +++ b/debian/patches/restore-tcp-wrappers.patch @@ -1,4 +1,4 @@ -From eb0b8c59654fd04802c6a558027bbe3d9c22e3ff Mon Sep 17 00:00:00 2001 +From f6856e554804e6bd6c93fb48bea73a26f912ad7f Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Tue, 7 Oct 2014 13:22:41 +0100 Subject: Restore TCP wrappers support diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch index c371708..619328b 100644 --- a/debian/patches/revert-ipqos-defaults.patch +++ b/debian/patches/revert-ipqos-defaults.patch @@ -1,4 +1,4 @@ -From 24c6df47a8a17754e4d23fd4331c3fb35290a09d Mon Sep 17 00:00:00 2001 +From c6529b6eeabc3312e7b0c00c8451a496eb5d8ae6 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Mon, 8 Apr 2019 10:46:29 +0100 Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch index 4885406..f450ef7 100644 --- a/debian/patches/scp-quoting.patch +++ b/debian/patches/scp-quoting.patch @@ -1,4 +1,4 @@ -From c598a3560a7962dfe0d121e34d18e5e099d6199f Mon Sep 17 00:00:00 2001 +From 5c274c836094e9091ebad95435d79780a4316020 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com> Date: Sun, 9 Feb 2014 16:09:59 +0000 Subject: Adjust scp quoting in verbose mode diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index ab745cc..4287d28 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch @@ -1,4 +1,4 @@ -From 600da3fe528ebd7d07e40c064af332f447ece282 Mon Sep 17 00:00:00 2001 +From 13a9ed0149b0861aac9c6c6f078ff42a5d8839f0 Mon Sep 17 00:00:00 2001 From: Manoj Srivastava <srivasta@debian.org> Date: Sun, 9 Feb 2014 16:09:49 +0000 Subject: Handle SELinux authorisation roles diff --git a/debian/patches/series b/debian/patches/series index def4639..2c687c3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -23,6 +23,7 @@ debian-config.patch restore-authorized_keys2.patch revert-ipqos-defaults.patch maxhostnamelen.patch -conch-ssh-rsa.patch systemd-socket-activation.patch skip-utimensat-test-on-zfs.patch +zero-call-used-regs-m68k.patch +regress-conch-dev-zero.patch diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch index ce44ea4..40fec93 100644 --- a/debian/patches/shell-path.patch +++ b/debian/patches/shell-path.patch @@ -1,4 +1,4 @@ -From 3f074c0c57936f7a8f30a3b29231b52e640156b7 Mon Sep 17 00:00:00 2001 +From 09466af13847aea5aa2ff17c29181c6e55e31dc2 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:00 +0000 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand diff --git a/debian/patches/skip-utimensat-test-on-zfs.patch b/debian/patches/skip-utimensat-test-on-zfs.patch index 9a4440f..7707531 100644 --- a/debian/patches/skip-utimensat-test-on-zfs.patch +++ b/debian/patches/skip-utimensat-test-on-zfs.patch @@ -1,4 +1,4 @@ -From 3a5a49f1a4355e7f75ec350cb13f46ea835058da Mon Sep 17 00:00:00 2001 +From 4c1c5dc36c96a8e6dd34fd43caf83d292a33b797 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Mon, 11 Mar 2024 16:24:49 +0000 Subject: Skip utimensat test on ZFS diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch index 44faed9..1f78cef 100644 --- a/debian/patches/ssh-agent-setgid.patch +++ b/debian/patches/ssh-agent-setgid.patch @@ -1,4 +1,4 @@ -From c6bcbc31b9d32bf7245b986ca2faee3ef232a63d Mon Sep 17 00:00:00 2001 +From 93c14bbee1fee649dd5b8f0e5fa7f8904b1a2a71 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:13 +0000 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index e1b1a42..b2e7bbf 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch @@ -1,4 +1,4 @@ -From be35ece5eed3d3848aee30edae9cd7b05fa8f351 Mon Sep 17 00:00:00 2001 +From 50eb278261460a0ddc942b72b1542910c17966ad Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:10:10 +0000 Subject: ssh(1): Refer to ssh-argv0(1) diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch index a5196da..f517596 100644 --- a/debian/patches/ssh-vulnkey-compat.patch +++ b/debian/patches/ssh-vulnkey-compat.patch @@ -1,4 +1,4 @@ -From 3058f5b885688bb8f660b97506080e67856f8422 Mon Sep 17 00:00:00 2001 +From 2d6d05de518be9a3b3724a951e9dcb57e4c6124e Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@ubuntu.com> Date: Sun, 9 Feb 2014 16:09:50 +0000 Subject: Accept obsolete ssh-vulnkey configuration options diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch index 3281b3a..7704549 100644 --- a/debian/patches/syslog-level-silent.patch +++ b/debian/patches/syslog-level-silent.patch @@ -1,4 +1,4 @@ -From 289063d080305b43743ba16c0fef2c0d96068993 Mon Sep 17 00:00:00 2001 +From 1b1705fba0225804c8ecec8b3a911d4407248c91 Mon Sep 17 00:00:00 2001 From: Natalie Amery <nmamery@chiark.greenend.org.uk> Date: Sun, 9 Feb 2014 16:09:54 +0000 Subject: "LogLevel SILENT" compatibility diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch index c2120d0..8f1e1ae 100644 --- a/debian/patches/systemd-readiness.patch +++ b/debian/patches/systemd-readiness.patch @@ -1,4 +1,4 @@ -From e53b37df6356d224810f083e79ff662206243889 Mon Sep 17 00:00:00 2001 +From b939a041afc3938937a3e9d2495202cf1a7b90ab Mon Sep 17 00:00:00 2001 From: Michael Biebl <biebl@debian.org> Date: Mon, 21 Dec 2015 16:08:47 +0000 Subject: Add systemd readiness notification support diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch index 80b3860..9867ccf 100644 --- a/debian/patches/systemd-socket-activation.patch +++ b/debian/patches/systemd-socket-activation.patch @@ -1,4 +1,4 @@ -From 3b17dcc797febf6d8ebf0474a4fa835b14a6ec11 Mon Sep 17 00:00:00 2001 +From d4af38f9aa8f2daa0ae01b994666116f1420d305 Mon Sep 17 00:00:00 2001 From: Steve Langasek <steve.langasek@ubuntu.com> Date: Thu, 1 Sep 2022 16:03:37 +0100 Subject: Support systemd socket activation diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index dc443de..163039d 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch @@ -1,4 +1,4 @@ -From 191cadd9a252e1b53aea3e65ae5d348b73e96b8a Mon Sep 17 00:00:00 2001 +From 673c225f85e2666e10be71a1d87225de2bb2aeb2 Mon Sep 17 00:00:00 2001 From: Colin Watson <cjwatson@debian.org> Date: Sun, 9 Feb 2014 16:09:58 +0000 Subject: Allow harmless group-writability diff --git a/debian/patches/zero-call-used-regs-m68k.patch b/debian/patches/zero-call-used-regs-m68k.patch new file mode 100644 index 0000000..1e90eaa --- /dev/null +++ b/debian/patches/zero-call-used-regs-m68k.patch @@ -0,0 +1,30 @@ +From 781d9de6499eb979e9f1a66242bcf58250a1f21e Mon Sep 17 00:00:00 2001 +From: Colin Watson <cjwatson@debian.org> +Date: Thu, 21 Mar 2024 10:20:21 +0000 +Subject: Extend -fzero-call-used-regs check to catch m68k gcc bug + +Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934 +Bug-Debian: https://bugs.debian.org/1067243 +Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3673 +Last-Update: 2024-03-24 + +Patch-Name: zero-call-used-regs-m68k.patch +--- + m4/openssh.m4 | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/m4/openssh.m4 b/m4/openssh.m4 +index 033df501c..176a8d1c9 100644 +--- a/m4/openssh.m4 ++++ b/m4/openssh.m4 +@@ -20,7 +20,10 @@ char *f2(char *s, ...) { + va_end(args); + return strdup(ret); + } ++int i; ++double d; + const char *f3(int s) { ++ i = (int)d; + return s ? "good" : "gooder"; + } + int main(int argc, char **argv) { diff --git a/debian/rules b/debian/rules index cd4c27b..fd9ab8d 100755 --- a/debian/rules +++ b/debian/rules @@ -108,10 +108,6 @@ ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386) BUILD_PACKAGES += -Nopenssh-tests endif -ifeq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32) - BUILD_PACKAGES += -Nssh-askpass-gnome -endif - %: dh $@ --with=runit $(BUILD_PACKAGES) @@ -136,11 +132,9 @@ ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),) $(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen endif -ifneq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32) ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),) $(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG) endif -endif override_dh_auto_build-indep: diff --git a/debian/run-tests b/debian/run-tests index 52fcaf7..def9494 100755 --- a/debian/run-tests +++ b/debian/run-tests @@ -38,7 +38,7 @@ make -C "$tmp/regress" \ TEST_SSH_IPV6=yes \ TEST_SSH_ECC=yes \ TEST_SSH_UNSAFE_PERMISSIONS=1 \ - "$@" </dev/zero || ret="$?" + "$@" || ret="$?" if [ "$ret" -ne 0 ]; then for log in failed-regress.log failed-ssh.log failed-sshd.log; do if [ -e "$tmp/regress/$log" ]; then diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml index 8424db4..d69c6e7 100644 --- a/debian/salsa-ci.yml +++ b/debian/salsa-ci.yml @@ -1,3 +1,13 @@ --- include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml + +variables: + SALSA_CI_ENABLE_BUILD_PACKAGE_PROFILES: 1 + +test-build-profiles: + extends: .test-build-package-profiles + parallel: + matrix: + - BUILD_PROFILES: noudeb + - BUILD_PROFILES: pkg.openssh.nognome diff --git a/debian/tests/regress b/debian/tests/regress index 41108ce..72b1151 100755 --- a/debian/tests/regress +++ b/debian/tests/regress @@ -73,7 +73,7 @@ EOF # tests with "UsePAM yes" appears to be to make "UNKNOWN" # resolvable. if ! grep -q '[[:space:]]UNKNOWN$' /etc/hosts; then - echo '127.0.0.1 UNKNOWN' >>/etc/hosts + echo '127.0.0.2 UNKNOWN' >>/etc/hosts ADDED_HOST=: fi |